MDEV-16153 Server crashes in Apc_target::disable, ASAN heap-use-after-free in Explain_query::~Explain_query upon/after EXECUTE IMMEDIATE

Explain_query must be created in the execution arena.
But JOIN::optimize_inner temporarily switches to the statement arena
under `if (sel->first_cond_optimization)`. This might cause
Explain_query to be allocated in the statement arena. Usually it is
harmless (although technically incorrect and a waste of memory), but
in case of EXECUTE IMMEDIATE, Prepared_statement object and its
statement arena are destroyed before log_slow_statement() call,
which uses Explain_query.

Fix:
1. Create Explain_query before switching arenas.
2. Before filling earlier-created Explain_query with data, set
thd->mem_root from the Explain_query::mem_root

1 files changed, 6 insertions, 0 deletions

diff --git a/mysql-test/t/explain_slowquerylog.test b/mysql-test/t/explain_slowquerylog.test
index 6503a326eb8..ee90fbac4e6 100644
--- a/mysql-test/t/explain_slowquerylog.test
+++ b/mysql-test/t/explain_slowquerylog.test
@@ -61,3 +61,9 @@ SELECT 1;
 SET log_slow_rate_limit=@save1;
 SET long_query_time=@save2;
 
+#
+# MDEV-16153 Server crashes in Apc_target::disable, ASAN heap-use-after-free in Explain_query::~Explain_query upon/after EXECUTE IMMEDIATE
+#
+create table t1 (a int);
+execute immediate "select * from t1 join t1 t2 on (t1.a>5) where exists (select 1)";
+drop table t1;